Personal Security Checklist by Alicia Sykes et al.
Posted on March 3, 2024
How mature is your security across authentication, browsing, email and the other main areas? That is the main question answered by an open-source project called 'Digital Defense', initiated by Alicia Sykes. It provides a reference checklist for 12 main topics. In this post, I’d like to introduce it and mention the points that will be helpful for people interested in personal security in the digital age.
Before diving into details, I’d like to mention that up-to-date checklists could be handy for those interested in protecting privacy and discovering new platforms, tools, and services. Of course, by the nature of the open-source ecosystem, there are many contributors that I’d like to thank. As of today, there are 82 different contributors in the project's GitHub repository. The points are classified as “recommended, optional, and advanced.”
There are 12 main topics with dedicated lists:
- Authentication
- Web Browsing
- Email
- Messaging
- Social Media
- Networks
- Mobile Devices
- Personal Computers
- Smart Home
- Personal Finance
- Human Aspect
- Physical Security
I’d like to refer to some of the points from those topics:
Authentication
- Don’t reuse passwords
- Keep Backup Codes Safe: That is really important for MFA activations. If the MFA device is lost, then backup codes should be used.
- Sign up for Breach Alerts: Thanks to that platform, I’ve discovered Firefox Monitor, which supports adding up to 5 different email addresses and informs you in case of a breach of those addresses.
- Shield your Password or PIN: There is always a risk of CCTV or shoulder surfing while using credit cards.
Web Browsing
- Use DNS-over-HTTPS
- Multi-Session Containers: It helps to open a dedicated tab for a specific task.
- Understand Your Browser Fingerprint: Check Am I Unique? to get more details.
- Manage Cookies: Auto-deleting is a good option. There is an extension called Cookie AutoDelete for that purpose.
- Prevent Automatic Browser Connections: There is a general security suggestion to deactivate ‘running browsers after they are closed.’
- First Launch Security: They suggest deactivating the internet connection after the first installation and before the specific configurations.
Email
- Use Plaintext
- Don’t connect 3rd party apps to your email account
- Be Careful with Mail Signatures: Some tools may collect those specific contacts, positions and company details.
Messaging
- Ensure your Recipient’s Environment is Secure: That is an excellent point. We are just one side of that two-way street; the other side has to be considered too.
- Agree on a Communication Plan: What happens if that chat group critical for a task is unavailable?
Social Media
- Check Privacy Settings: Simple but generally not checked by everyone.
- Think of All Interactions as Public: After sending a tweet, post or picture, there is no way to remove it from the internet entirely. Simple as it is.
- Don’t Reveal too Much: A fundamental principle of cybersecurity is the need-to-know aspect. Does everyone on your social media account need to know the favourite restaurant you visit regularly?
- Avoid Publishing Geo Data while still Onsite: If you’re on vacation and publish it to everyone, that is an invitation to your place for someone with unethical intentions.
Networks
- Use a VPN: Especially on public networks.
Mobile Devices
- Keep app count to a minimum: Do you need your favourite online platform’s mobile application? Can you not do the same thing on your browser?
- Be Careful of Phone Charging Threats: Using a power bank is always preferable.
- Erase after too many login attempts: That is another preventive measure against brute-force attacks to access data on the mobile device.
- Avoid Custom Virtual Keyboards: 3rd-party virtual keyboards may not come from a trusted source.
- Restart Device Regularly
- Avoid SMS: It can be intercepted and sniffed by threat actors.
- Consider running a custom ROM (Android): An advanced suggestion. There are some “un-googled” Android versions to install for specific devices.
Personal Computers
- Keep your System up-to-date: Always.
- Activate Screen-Lock when Idle: An uncomfortable experience in some aspects but a necessary configuration.
- Don’t link your PC with your Microsoft or Apple Account: Is it indispensable to log in? It may not be.
- Don’t use a Root/Admin Account for Non-Admin Tasks: There is no need for a root account for daily tasks.
- Block Webcam + Microphone: Physically.
Smart Home
- Rename devices to not specify brand/model: It’s easy for attackers to get more technical details with that information.
- Keep firmware up-to-date: Those devices are like computers and should also be kept up-to-date.
- Be wary of wearables
- Don’t connect your home’s critical infrastructure to the Internet: Network isolation can help mitigate some threats.
Personal Finance
- Use Virtual Cards: In case of a data breach, your physical card info will not be disclosed. Virtual cards can be easily deactivated and created again.
Human Aspect
- Never Leave Device Unattended: Someone sending an email to coworkers from a coworker’s unlocked device is to be expected.
- Do not assume a site is secure just because it is HTTPS: It is just a protocol to encrypt client-server communication. That communication can still contain malicious content.
Physical Security
- Don’t Reveal Info on Inbound Calls: There are threat vectors that clone the voice of a person you know to get the information they want.
- Protect your Home Address: If you can use a post-office location to receive mail, there is no need to share your home address.
- Protect your DNA: That is an interesting point. People may not consider that from a privacy perspective, but those biometrics cannot be changed after a potential disclosure. There is a striking episode of Black Mirror about that called 'USS Callister.'
Conclusion
Lastly, those are just some of the 258 points from 'The Ultimate Personal Security Checklist.' The checklist is beneficial as a guide for less technical people. Those points are helpful if you consider the potential unwanted results of our digital age. In the end, a point may be acceptable for one person and not for another. It is mainly a subjective point of view. But I’d like to mention one last thing: There was a quotation from a report in the previous ten years: “Privacy will be a luxury, not a right.”
Dear Alicia Sykes and everybody in the project, thank you for that helpful project and your efforts!